From 5a23ead9470060182df94decc0cf409afdd34808 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Wed, 1 Apr 2026 07:46:16 +0000 Subject: [PATCH 1/3] Initial plan From a63a2a2659e017849d6ef35fbef876f6270ab4f8 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Wed, 1 Apr 2026 07:48:58 +0000 Subject: [PATCH 2/3] fix: remove global env block exposing AK/SK secrets in workflow Agent-Logs-Url: https://github.com/hexqi/tiny-robot/sessions/47bc92e6-7fda-4bfe-893c-24ddc6250ba1 Co-authored-by: hexqi <18585869+hexqi@users.noreply.github.com> --- .../workflows/deploy-playground-to-cdn.yml | 23 +++++++++---------- 1 file changed, 11 insertions(+), 12 deletions(-) diff --git a/.github/workflows/deploy-playground-to-cdn.yml b/.github/workflows/deploy-playground-to-cdn.yml index 134bdb1b2..5be3d5708 100644 --- a/.github/workflows/deploy-playground-to-cdn.yml +++ b/.github/workflows/deploy-playground-to-cdn.yml @@ -9,12 +9,6 @@ on: default: true type: boolean -env: - HUAWEI_CLOUD_AK: ${{ secrets.HUAWEI_CLOUD_AK }} - HUAWEI_CLOUD_SK: ${{ secrets.HUAWEI_CLOUD_SK }} - HUAWEI_CLOUD_ENDPOINT: ${{ secrets.HUAWEI_CLOUD_ENDPOINT }} - HUAWEI_CLOUD_BUCKET: ${{ secrets.HUAWEI_CLOUD_BUCKET }} - jobs: check-secrets: runs-on: ubuntu-latest @@ -154,13 +148,18 @@ jobs: sudo mv obsutil_linux_amd64_*/obsutil /usr/local/bin/obsutil - name: Configure and Upload to OBS + env: + HUAWEI_CLOUD_AK: ${{ secrets.HUAWEI_CLOUD_AK }} + HUAWEI_CLOUD_SK: ${{ secrets.HUAWEI_CLOUD_SK }} + HUAWEI_CLOUD_ENDPOINT: ${{ secrets.HUAWEI_CLOUD_ENDPOINT }} + HUAWEI_CLOUD_BUCKET: ${{ secrets.HUAWEI_CLOUD_BUCKET }} run: | - obsutil config -i=${{ env.HUAWEI_CLOUD_AK }} \ - -k=${{ env.HUAWEI_CLOUD_SK }} \ - -e=${{ env.HUAWEI_CLOUD_ENDPOINT }} + obsutil config -i=$HUAWEI_CLOUD_AK \ + -k=$HUAWEI_CLOUD_SK \ + -e=$HUAWEI_CLOUD_ENDPOINT # Upload to versioned path obsutil cp ./packages/playground/dist \ - obs://${{ env.HUAWEI_CLOUD_BUCKET }}/${{ needs.build.outputs.obs-path }} \ + obs://$HUAWEI_CLOUD_BUCKET/${{ needs.build.outputs.obs-path }} \ -r -f -flat # If is_latest_release is true, also upload to latest path @@ -169,9 +168,9 @@ jobs: find ./packages/playground/dist -type f \( -name "*.html" -o -name "*.js" -o -name "*.mjs" -o -name "*.css" \) \ -exec sed -i "s|${{ needs.build.outputs.cdn-base }}|${{ needs.build.outputs.cdn-base-latest }}|g" {} + obsutil cp ./packages/playground/dist \ - obs://${{ env.HUAWEI_CLOUD_BUCKET }}/${{ needs.build.outputs.obs-path-latest }} \ + obs://$HUAWEI_CLOUD_BUCKET/${{ needs.build.outputs.obs-path-latest }} \ -r -f -flat fi - echo "Uploaded to: obs://${{ env.HUAWEI_CLOUD_BUCKET }}/${{ needs.build.outputs.obs-path }}" + echo "Uploaded to: obs://$HUAWEI_CLOUD_BUCKET/${{ needs.build.outputs.obs-path }}" echo "CDN URL: https://res-static.opentiny.design/${{ needs.build.outputs.obs-path }}" From 07e683136bacaec191e62ec4b88373a87b56a6d7 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Wed, 1 Apr 2026 07:54:01 +0000 Subject: [PATCH 3/3] fix: remove step-level env block, reference secrets directly in run script Agent-Logs-Url: https://github.com/hexqi/tiny-robot/sessions/ef933941-a6d1-4319-a0be-8a8213658a88 Co-authored-by: hexqi <18585869+hexqi@users.noreply.github.com> --- .github/workflows/deploy-playground-to-cdn.yml | 17 ++++++----------- 1 file changed, 6 insertions(+), 11 deletions(-) diff --git a/.github/workflows/deploy-playground-to-cdn.yml b/.github/workflows/deploy-playground-to-cdn.yml index 5be3d5708..9c039ce3f 100644 --- a/.github/workflows/deploy-playground-to-cdn.yml +++ b/.github/workflows/deploy-playground-to-cdn.yml @@ -148,18 +148,13 @@ jobs: sudo mv obsutil_linux_amd64_*/obsutil /usr/local/bin/obsutil - name: Configure and Upload to OBS - env: - HUAWEI_CLOUD_AK: ${{ secrets.HUAWEI_CLOUD_AK }} - HUAWEI_CLOUD_SK: ${{ secrets.HUAWEI_CLOUD_SK }} - HUAWEI_CLOUD_ENDPOINT: ${{ secrets.HUAWEI_CLOUD_ENDPOINT }} - HUAWEI_CLOUD_BUCKET: ${{ secrets.HUAWEI_CLOUD_BUCKET }} run: | - obsutil config -i=$HUAWEI_CLOUD_AK \ - -k=$HUAWEI_CLOUD_SK \ - -e=$HUAWEI_CLOUD_ENDPOINT + obsutil config -i=${{ secrets.HUAWEI_CLOUD_AK }} \ + -k=${{ secrets.HUAWEI_CLOUD_SK }} \ + -e=${{ secrets.HUAWEI_CLOUD_ENDPOINT }} # Upload to versioned path obsutil cp ./packages/playground/dist \ - obs://$HUAWEI_CLOUD_BUCKET/${{ needs.build.outputs.obs-path }} \ + obs://${{ secrets.HUAWEI_CLOUD_BUCKET }}/${{ needs.build.outputs.obs-path }} \ -r -f -flat # If is_latest_release is true, also upload to latest path @@ -168,9 +163,9 @@ jobs: find ./packages/playground/dist -type f \( -name "*.html" -o -name "*.js" -o -name "*.mjs" -o -name "*.css" \) \ -exec sed -i "s|${{ needs.build.outputs.cdn-base }}|${{ needs.build.outputs.cdn-base-latest }}|g" {} + obsutil cp ./packages/playground/dist \ - obs://$HUAWEI_CLOUD_BUCKET/${{ needs.build.outputs.obs-path-latest }} \ + obs://${{ secrets.HUAWEI_CLOUD_BUCKET }}/${{ needs.build.outputs.obs-path-latest }} \ -r -f -flat fi - echo "Uploaded to: obs://$HUAWEI_CLOUD_BUCKET/${{ needs.build.outputs.obs-path }}" + echo "Uploaded to: obs://${{ secrets.HUAWEI_CLOUD_BUCKET }}/${{ needs.build.outputs.obs-path }}" echo "CDN URL: https://res-static.opentiny.design/${{ needs.build.outputs.obs-path }}"